Authorization Services Programming Guide

Glossary

administrator

A user in the admin group. The user who installs OS X is automatically assigned to the admin group. An administrator has fewer privileges than root, but more privileges than a normal user. An administrator cannot create, delete, or move files in the system domain.

authentication

The act of verifying identity with something the user has, knows, or is. For example, a user knows information such as a name and password. The user may have something physical such as a smart card. The identity can be something the user is—a physical feature such as a fingerprint or retinal scan. Authentication may require two or more forms of identification.

authorization

The act of granting a right. For example, a user asks for the right to perform an operation. The Security Server grants authorization after the user fulfills the rules specified in the policy database—such as providing a credential or authenticating.

authorization option

A parameter or field that instructs the Security Server how to proceed with a request. Options include requesting preauthorization, requesting partial authorization, appending rights, and interacting with the user.

authorization reference

The Security Server uses the authorization reference to access an authorization session associated with a process.

Authorization Services

An API that facilitates fine-grain control of privileged operations, such as accessing restricted areas of the operating system and self-restricted parts of your Mac app. The Security Server uses policy-based decisions to authorize rights for users.

biometric identifier

A measurement of biological matter used for identification—for example, fingerprints, retinal scans, and face recognition.

credential

Proof of user authentication used by the Security Server. When the Security Server authenticates a user, it creates a credential as part of the authorization session.

factored application

An application that uses a helper tool to perform specific tasks. Interprocess communication mechanisms are used to communicate between processes. In a factored application that uses Authorization Services, the code that performs privileged operations is factored into a separate helper tool.

helper tool

A tool that executes some of an application’s functions as a separate process. In the case of security, a helper tool performs privileged operations for the application. See also setuid tool.

key

The name of a rule. The Security Server uses a rule’s key to match a right with a rule.

permissions

In BSD, a set of attributes governing who can read, write, and execute resources in the file system. The output of the ls -l command represents permissions as a nine-position code made up of three three-character subcodes: the first subcode gives the permissions for the owner of the file, the second for the group that the file belongs to, and the last for everyone else. For example, -rwsr-xr-- means that the owner of the file has read, write, and execute permissions (rwx, the s showing that the setuid bit is also set); the group has read and execute permissions (r-x); all others have only read permission (r--). (The left-most position is reserved for a character that says whether this is a regular file (-), a directory (d), a symbolic link (l), or a special device file.) The execute bit has a different meaning for directories: it makes them searchable.

policy-based system

A system that requires authorization to perform privileged operations.

policy database

A database containing the set of rules the Security Server uses to determine authorization.

preauthorization

A form of authorization used before performing the actual authorization. Preauthorization is used to determine if a user has the possibility of authorizing later.

privileged operation

An operation that requires special rights or permissions. For example, all operations a user performs as root are privileged.

right

A named privilege. The Security Server authorizes rights for a user to perform a privileged operation.

rule

A set of attributes used to set security policies for applications and for the system. See also policy database.

root

(1) The user with unlimited system privileges. Also called the superuser. (2) The top directory in a BSD-style directory hierarchy. Written as a slash (/), it is the first element in every absolute pathname.

Security Server

A Core Services application in OS X that deals with authorization and authentication through interaction with the policy database and Pluggable Authentication Modules (PAM).

self-restricted application

An application that restricts part of its features to specific users.

setuid bit

The fourth position in a resource's permissions code, the owner's execute position. When this bit is set, ls -l shows s in that position, and the system allows the process running the file to masquerade as another user, namely the file's owner. For example, -r-sr-xr-x 1 root wheel traceroute allows the process running the traceroute utility to run as root.

setuid tool

A tool that has its setuid bit set.

system-restricted application

An application that has a portion of its features restricted to specific users because of the BSD permissions system.